Tag: law enforcement

The FBI is struggling to decode private messages on phones and other mobile devices that could contain key criminal evidence, and the agency failed to access data more than half of the times it tried during the last fiscal year, FBI Director Christopher Wray told House lawmakers.

Wray will testify at the House Judiciary Committee Thursday morning on the wide range of issues the FBI faces. One of the issues hurting the FBI, he said, is the ability of criminals to “go dark,” or hide evidence electronically from authorities.

“The rapid pace of advances in mobile and other communication technologies continues to present a significant challenge to conducting lawful court-ordered access to digital information or evidence,” he said in his prepared remarks to the committee. “Unfortunately, there is a real and growing gap between law enforcement’s legal authority to access digital information and its technical ability to do so.”

Wray said criminals and terrorists are increasingly using these technologies. He added that the Islamic State is reaching potential recruits through encrypted messaging, which are difficult for the FBI to crack.

“If we cannot access this evidence, it will have ongoing, significant effects on our ability to identify, stop, and prosecute these offenders,” he said.

He noted that in the last fiscal year, the FBI was unable to access data on about 7,800 mobile devices, even though they had the legal authority to try. He said that was a little more than half of the mobile devices the FBI tried to access in fiscal year 2017.

Wray said the FBI tries to develop workarounds to get at the data, but doesn’t always succeed.

Wray also made it clear that the FBI is not asking for more legal authority to access mobile devices, but said, without being specific, that new ways must be found to let the FBI access this data.

“When changes in technology hinder law enforcement’s ability to exercise investigative tools and follow critical leads, those changes also hinder efforts to identify and stop criminals or terrorists,” he said.

He added that the FBI is “actively engaged” with companies to discuss the problem that “going dark” has on law enforcement, and the agency is working with academics and technologists to find “solutions to this problem.”

Wray is likely to be questioned on a wide range of topics at Thursday’s hearing, including new complaints from Republicans that Wray and other Justice Department officials have ignored requests for information about their actions in the Russia election meddling probe.

Republicans this week started writing a contempt resolution against Wray and others after the Justice Department failed to answer questions from lawmakers about why a top FBI agent was removed from the Russia probe. It was later discovered that the agent sympathized with Hillary Clinton and opposed then-presidential candidate Donald Trump.

The chairman of the House Homeland Security Committee said he plans to introduce legislation that would allow the creation of a “national commission on security and technology challenges in the Digital Age.”

The legislation “would bring together the technology sector, privacy and civil liberties groups, academics, and the law enforcement community to find common ground,” Chairman Rep. Michael McCaul (R-Texas) said in a Dec. 7 speech at National Defense University. “This will not be like other blue ribbon panels, established and forgotten.”

He said the ability of terrorist groups to use encrypted applications while communicating is one of his biggest fears. “We cannot stop what we cannot see,” he said in reference to recent attacks in San Bernardino, Calif., and Paris.

McCaul described the Islamic State as not a “terrorist group on the run” but a “terrorist group on the march.” He said 19 Islamic State-connected plots in the U.S. have been thwarted by government officials. But he added that terrorist groups are using the Internet to expand.

“Americans are being recruited by terrorist groups at the speed of broadband while we are responding at the speed of bureaucracy,” he said.

FBI Director James Comey has been a vocal critic of end-to-end encryption in commercial devices, and his advocacy has received a mixed reception on Capitol Hill. During an Oct. 27 hearing, Rep. Will Hurd (R-Texas), a former CIA officer who has private-sector cybersecurity experience, criticized Comey for saying encryption thwarts counterterrorism efforts and for “throwing certain companies under the bus by saying they’re not cooperating,” a charge that Comey denied.

In an interview, Hurd welcomed McCaul’s proposed commission by saying, “I think getting a group of industry experts from all sides of this issue to talk — and to not talk past one another — is ultimately a good thing.”

Hurd, a member of the Homeland Security Committee, said he would planned to speak with McCaul to make sure the commission had the “right folks in the room.”

He added that the right people would be leaders of technology firms whose encryption services have been at the center of debate and law enforcement officers who might be able to identify situations in which agencies would need to get around encryption, Hurd said.

But those situations still seem elusive. When he was a CIA officer working on cybersecurity issues, Hurd said he did not think of encryption as an insurmountable roadblock.

“Guess what? Encryption was around back then,” he said.

Hurd pointed out that intelligence can be gleaned from the contours of encrypted channels — such as communications between IP addresses — without decrypting the communications.

“I still haven’t gotten anybody to explain to me a very specific case where the investigation went cold” because of encryption, he said of his conversations with law enforcement officials.

McCaul sounded a more dire note by saying, “I have personally been briefed on cases where terrorists communicated in darkness and where we couldn’t shine a light, even with a lawful warrant.”

He said countering Islamic State’s use of encrypted messaging is “one of the greatest counterterrorism challenges of the 21th century.” At the same time, he was careful not to target encryption technology itself, which he described as “essential for privacy, data security and global commerce.”

In a Dec. 6 speech from the Oval Office, President Barack Obama announced plans to seek public/private cooperation on challenges posed by encrypted communications. He said he will “urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice.”

However, it is not clear if that message represents more than a change in tone from current policy. The administration had previously said it would not seek legislation to push companies to retain customers’ encryption keys and share them with law enforcement agencies.

U.S. CIO Tony Scott told FCW in a November interview that “at the end of the day, I think the better policy is probably not to require these backdoors” for law enforcement.

Although a new law could potentially cover U.S.-based providers and devices manufactured by U.S.-based companies, encryption applications would still be widely available beyond the country’s jurisdiction.

“All the really bad people who are highly motivated to keep their stuff secret are going to use the encryption method that doesn’t have a backdoor,” Scott said.

McCaul used the bulk of his speech to call for tighter restrictions on the Visa Waiver Program, as outlined in a bill introduced this week that would require high-risk individuals who have visited a terrorist hot spot to undergo an intensive screening process before entering the United States. He said that approach would also strengthen intelligence sharing with allies and help prevent passport fraud.